Personal Data Protection
Passages Secrets collects and processes personal data about you when you purchase your travel package, in order to provide you with an experience perfectly adapted to your profile. The personal data collected is strictly necessary for the management of your travel.
The Dealigence SAS guarantees compliance with the General Data Protection Regulation or GDPR (European Regulation No. 2016/679 of 27 April 2016) which entered into force on 25 May 2018, and undertakes to respect the following principles :
– Ensure transparency, fairness and legality in the processing and use of your personal data.
– Limit the processing of personal data to specific, explicit and legitimate purposes.
– Minimise the collection and storage of personal data with regard to the purpose of the processing operations.
– Guarantee the accuracy of personal data and allow the client to delete or rectify them.
– Limit the period of storage of personal data.
– Technically ensure the security, integrity and confidentiality of personal data.
The Dealigence SAS informs you below of its personal data policy so that you can be fully informed of the processing carried out. You can therefore communicate your personal data in full knowledge of the facts before concluding your contract.
Types of data processed
The personal data of the clients of Passages Secrets are those that make it possible to identify individuals directly or indirectly.
Passages Secrets thus collects the data essential to the organization of the trip such as:
– Identification information: first and last name, date and place of birth, nationality, copy or passportdetails.
– Contact information: postal address, email, telephone number.
– It may happen that the proper execution of your reservation and your stay by The Dealigence SAS requires so-called sensitive data, linked to health (food allergies).
The collection concerns the data of all travellers registered on the booking confirmation. The client concluding the contract, and disclosing the personal data of all travellers, is bound by the consent of all the physical persons registered on the same contract.
La Purpose of data processing
Your data is collected at the time of the booking of your travel and is used:
– To book your travel arrangements.
– To the proper execution of the tour or stay.
– To monitor customer relations and optimise our services: sending newsletters, proposing new service offers or similar trips that may be of interest to you.
– To produce statistics.
Personal information provided by customers is processed by The Dealigence SAS exclusively on the basis of the execution of the contract and on their explicit consent given for any commercial prospection.
If you object to the processing of your data, your reservation cannot be validated.
If you refuse your consent, you will not receive any commercial prospection unless you have already contracted with Passages Secrets. In such case, you may receive similar offers.
Data transmission and data access
The Dealigence SAS is responsible for the processing of your data. Your data may therefore be stored, processed and transferred:
– To employees of The Dealigence SAS whose involvement is necessary for the performance of services or the follow-up of customer relations.
– Technical service providers (IT, web-hosting, email distribution, online payment provider).
These service providers are subject to compliance with the legislation in force. They shall act on instructions from The Dealigence SAS and may not have the data at their disposal for purposes other than those mentioned in Article 3.
Each of the parties responsible for processing the data on behalf of The Dealigence SAS provides sufficient guarantees to meet the requirements of the General Data Protection Regulation (GDPR).
Under no circumstances will personal data be transferred to third parties who do not interfere with the processing of data for the purposes described herein.
The data will not be transferred to service providers established outside the European Union.
Length of data retention
The personal data collected are kept for the length of the contractual relationship and for the time necessary to meet any legal or regulatory obligation.
The Dealigence SAS may keep the data for up to 5 years.
You have the right to access, rectify, delete, oppose and transfer your data to The Dealigence SAS, which will reply as soon as possible and at the latest within 30 days. This period may exceptionally be extended by 2 months in the event of specific and justified reasons.
You may also request a limitation on the processing of the data collected and you also have the right to withdraw your consent at any time.
These rights may be exercised at any time by contacting The Dealigence SAS by post at the following address: 104 rue Doudeauville, 75018 Paris, France or by email email@example.com.
It is also recalled that any person may also file a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL), the supervisory authority competent in France for the protection of personal data, in the event of difficulties.
The information collected by Passages Secrets is securely stored on the cloud of its OVH web-hosting provider in France.
When making online payments on the Passages Secrets website via your credit card, we guarantee that the payment is secured by Paypal, holder of the PCI DSS certification and authorized to store the customer’s bank details in order to complete the payment. We also guarantee that no bank details will be kept by The Dealigence SAS.
The Website is maintained and regularly updated to comply with any new regulations or legislation.
The Dealigence SAS undertakes to protect personal data by any appropriate technical and operational means in order to prevent any distortion, damage or intrusion by unauthorized third parties.
This protection will be carried out by any person likely to operate processing for the purposes mentioned in Article 3 above.
However, if the security of the data is violated by an accident or an illegal intrusion, The Dealigence SAS will notify the CNIL of the violation (destruction, loss, alteration, unauthorized disclosure) of the data within 72 hours. It will also notify this violation to the data subject if there is a high risk to its data.
What rights do our customers have and how can they exercise them?
Right of access: To obtain information about the processing of personal data and a copy of the personal data.
Right of rectification: If personal data are inaccurate or incomplete, the customer can demand that they be amended accordingly.
Right to erasure: The customer may request the deletion of his personal data to the extent permitted by the regulations.
Right to the limitation of the processing: The customer may request the limitation of the processing of his personal data.
Right to object: The customer may object to the processing of his personal data for reasons related to his particular situation. The customer has the absolute right to object to the processing of his personal data for commercial prospecting purposes, including profiling related to such prospecting.
Right to the portability of personal data: When this right is applicable, the customer has the right to have his or her personal data returned to him or her or, when technically possible, to have it transferred to a third party.
Right to define directives regarding the conservation : erasure or communication of personal data, applicable after death.
Right to withdraw consent: if the customer has given his consent to the processing of his personal data, he has the right to withdraw his consent at any time.
The customer can exercise the rights listed above, by mail addressed to The Dealigence SAS by contacting us on our website Passages Secrets. If the customer has any questions concerning the use of his personal data, he can contact our data protection officer, Isabelle Pioc, by mail at firstname.lastname@example.org.